Learn to use Visual Studio, Visual Studio Team Services, Application Insights and Team Foundation Server to decrease rework, increase transparency into your application and increase the rate at which you can ship high quality software throughout the application lifecycle

Git Credential Manager for Mac and Linux

Are you tired of typing in a user name and password every time you fetch from or push to remote Git repositories? Me too! We have good news! Today we are announcing the open-source release of the Git Credential Manager (GCM) for Mac and Linux. This follows the release of the GCM for Windows. We ported this tool to Mac and Linux to simplify their authentication to remote Git repositories, in particular those hosted in Visual Studio Team Services (VSTS).

The GCM is a Git credential helper that assists with multi-factor authentication. Compared to Git’s built-in credential storage (such as wincred for Windows), which provides single-factor authentication support for remote Git repositories, the GCM provides multi-factor authentication support for VSTS (and soon GitHub). Secondary factors of authentication in VSTS can be configured per-account and include phone calls, SMS, or mobile app notifications.

After installing the GCM, when connecting to a remote Git repository hosted in VSTS for the first time, the GCM will open a web browser window so that you can authenticate and authorize access to your account (via OAuth 2.0):

This allows the GCM to use the OAuth access token to create a VSTS Personal Access Token (PAT) scoped for vso.code_write, effectively granting Git permission to read and write to your Git repositories hosted in VSTS. The PAT is then stored in a file under your home directory (protected by your individual file system permissions) and will be used for future accesses to the remote Git repositories so that you are not repeatedly asked to sign in.

At any time, you can revoke the Personal Access Token through your VSTS profile settings:

Subscribe Blog via Email

Tags

> Are you tired of typing in a user name and password every time you fetch from or push to remote Git repositories?

Apparently MS hasn't heard of SSH public/private keys.

1 year ago

Chris

It would be a great idea to make the install instructions for the Mac and Linux version easier to understand. Viewing the install docs for homebrew, it says to run this "brew install ${project.artifactId}" but what is the project.artifcatId supposed to be?

1 year ago

Samuel Creshal

What the hell are you guys smoking? SSH already supports everything from public key authentication to Kerberos-based SSO. What problem is this solving, apart from a bad case of "not invented here" syndrome?

Oauth for Git? I'm just going to say this seems hilariously overengineered. Even if you don't support SSH's built-in public/private key authentication, then adding support for it isn't exactly difficult. Much simpler than Oauth, and simpler is usually better.

@Samuel, OAuth is used for the multi-factor authentication portion that some companies' security policies require. The OAuth token is then used to retrieve a VSTS personal access token, similar to what GitHub uses as an alternative to SSH. This personal access token is what is used for the actual authentication to Git over HTTPS. Alternatively, the TFVC Git Server will support SSH very soon; it's in the works: visualstudio.uservoice.com/…/3801342-add-support-for-ssh-keys-as-alternate-authenticati

1 year ago

Sam

I like it, even tho I don't use VS I think it's a good idea to be able to provide OTP for GIT

1 year ago

Giulio Vian

SSH keys are a good solution for some scenarios, in particular small teams, but they are no match for 2FA or MFA.